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CLAIMS 



What is claimed is: 



1. 



A network access system, comprising: 



an external processor that invokes a policy-based service on received 
messages; and 

a programmable access device having a message interface coupled to said 
external processor and first and second network interfaces through which packets 
are communicated with a network, wherein said programmable access device 
includes a packet header filter and a forwarding table that is utilized to route 
packets communicated between the first and second network interfaces, wherein 
said packet header filter identifies messages received at one of the first and second 
network interfaces on which policy-based services are to be implemented and 
passes identified messages via the message interface to the external processor for 
processing. 
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2. The network access system of Claim 1, and further comprising a policy 
server coupled to the external processor, wherein said policy server provides 
policy decisions to the external processor. 

3. The network access system of Claim 2, wherein the policy server is a first 
policy server, and wherein the external processor supports a plurality of policy 
servers including the first policy server. 

4. The network access system of Claim 2, wherein the external processor 
includes a policy cache that selectively caches policies obtained from the policy 
server. 

5. The network access system of Claim 1, wherein the external processor 
includes a plurality of service controllers that each implements a respective one of 
a plurality of services. 

6. The network access system of Claim 5, wherein the plurality of service 
controllers includes primary and secondary service controllers for a particular 
service, and wherein the secondary service controller provides said particular 
service to said programmable access device if said primary service controller fails. 

7. The network access system of Claim 5, wherein the external processor 
comprises at least one signaling controller that, responsive to one of said plurality 
of service controllers, performs network signaling to setup a network connection. 
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8. The network access system of Claim 1, wherein the programmable access 
device is a first programmable access device, and wherein the external processor 
includes a plurality of programmable access device controllers that each control a 
respective one of a plurality of programmable access devices including said first 
programmable access device. 

9. The network access system of Claim 1, and further comprising a network 
management server coupled to at least the external processor. 

10. The network access system of Claim 9, wherein the network management 
server includes a billing facility that bills customers in accordance with services 
implemented by the external processor. 

1 1 . The network access system of Claim 1 , said programmable access device 
further comprising a control interface, coupled to the external processor, through 
which operation of the packet header filter and forwarding table is controlled by 
the external processor. 

12. The network access system of Claim 1 5 wherein the programmable access 
device further comprises at least one monitor that gathers statistics regarding 
network traffic and a reporting interface through which reporting messages related 
to the statistics are communicated to the external processor. 

13. The network access system of Claim 1, wherein the packet header filter 
filters packets for service processing based upon protocol information 
pertaining to protocol layers higher than layer 3. 
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14. The network access system of Claim 1, wherein the programmable 
access device further comprises a policer that polices packets by reference to 
traffic parameters. 

15. The network access system of Claim 14, wherein the policer comprises 
a marker that marks packets that do not conform with the traffic parameters. 

16. The network access system of Claim 1, said programmable access 
device further comprising one or more output buffers and a scheduler that 
schedules the transmission of outgoing packets within the one or more output 
buffers to support multiple quality of service classes. 

17. The network access system of Claim 1, and further comprising an access 
router coupled to the second network interface of the programmable access device. 

18. The network access system of Claim 17, and further comprising a switched 
access network coupling said access router and the second network interface of the 
programmable access device. 

19. A network comprising: 

a network access system in accordance with Claim 17; 
at least one core router coupled to the access router; and 



a core communication link coupled to the core router. 




20. A network access system, comprising: 
a policy decision point; 

an external processor that invokes a policy-based service on received 
messages by reference to the policy decision point; 

a programmable access device having a message interface coupled to said 
external processor and first and second network interfaces through which packets 
are communicated with a network, wherein said programmable access device 
includes a packet header filter and a forwarding table that is utilized to route 
packets communicated between the first and second network interfaces, wherein 
said packet header filter identifies messages received at one of the first and second 
network interfaces on which policy-based services are to be implemented and 
passes identified messages via the message interface to the external processor for 
processing; and 

an access router coupled between the programmable access device,a-' 
network core. 
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21 . A network access method, comprising: 

in response to receiving a series of packet at a first network interface of a 
programmable access device, filtering the series of packets at the programmable 
access device to identify messages upon which policy-based services are to be 
implemented; 

passing identified messages to an external processor; 

performing service processing on identified messages at said service 
processor; and 

for messages that are not identified, routing packets by reference to a 
forwarding table in the programmable access device and outputting the routed 
packets at a second network interface of the programmable access device. 
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22. The network access method of Claim 21, and further comprising 
communicating policy decisions to the external processor from a policy server 
coupled to the external processor. 

23. The network access method of Claim 22, wherein the policy server is a first 
policy server, and the method further comprises coupling a plurality of policy 
servers including the first policy server to the external processor. 

24. The network access method of Claim 22, wherein the external processor 
includes a policy cache, and wherein the method further comprises selectively 
caching policies obtained from the policy server in the policy cache. 

25. The network access method of Claim 21, wherein the external processor 
includes a plurality of service controllers, and wherein the method further 
comprises implementing a respective one of a plurality of services with each of the 
plurality of service controllers. 

26. The network access method of Claim 25, wherein the plurality of service 
controllers includes primary and secondary service controllers for a particular 
service, and wherein the method further comprises providing said particular 
service to said programmable access device utilizing said secondary service 
controller if said primary service controller fails. 
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27. The network access method of Claim 25, wherein the external processor 
comprises at least one signaling controller, wherein the method further comprises 
performing network signaling to setup a network connection utilizing the at least 
one signaling controller. 

28. The network access method of Claim 21 , wherein the programmable access 
device is a first programmable access device and the external processor includes a 
plurality of programmable access device controllers, said method further 
comprising controlling each of a plurality of programmable access devices 
including said first programmable access device with a respective one of said 
plurality of programmable access device controllers. 

29. The network access method of Claim 21, and further comprising coupling a 
network management server at least the external processor. 

30. The network access method of Claim 29, and further comprising billing 
customers in accordance with services implemented by the external processor 
utilizing a billing facility of the network management server. 

3 1 . The network access method of Claim 2 1 , said programmable access device 
further comprising a control interface coupled to the external processor, said 
method further comprising coupling the control interface to the external processor 
and controlling operation of the packet header filter by the external processor 
through the control interface. 
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32. The network access method of Claim 2 1 , wherein the programmable access 
device further comprises at least one monitor, said method further comprising 
gathering statistics regarding network traffic utilizing the at least one monitor and 
communicating reporting messages related to the statistics to the external 
processor via a reporting interface. 

33. The network access method of Claim 21, wherein filtering comprises 
filtering packets for service processing based upon protocol information 
pertaining to protocol layers higher than layer 3. 

34. The network access method of Claim 21, wherein the programmable 
access device further comprises a policer and said method further comprises 
policing packets by reference to traffic parameters. 

35. The network access method of Claim 34, wherein the policer comprises 
a marker and said method further comprises marking packets that do not 
conform with the traffic parameters. 

36. The network access method of Claim 21, said programmable access 
device further comprising one or more output buffers and a scheduler, wherein 
the method further comprises scheduling the transmission of outgoing packets 
within the one or more output buffers to support multiple quality of service 
classes. 
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37. The network access method of Claim 21 , and further comprising coupling 
an access router to the second network interface of the programmable access 
device and transmitting network traffic from the programmable access device to 
the access router. 



38. The network access method of Claim 37, wherein coupling said access 
router comprises coupling said access router to the second network interface of the 
programmable access device with a switched access network. 



39. The network access method of Claim 21, wherein passing messages to the 
external processor comprises passing messages via an intermediate network. 



